What is the security or performance risk in including all of UDF's on every page request in ColdFusion?

Question

I currently have my model and controller cfc's extend a cfc, via a Proxy component, that has all my functions. This makes all those UDF's available everywhere in the app. Are there security or performance risks in doing this? I use my models in an OO fashion. Including these functions like this makes them a part of each object as well. Specifically, could that cause performance issues when creating a lot of objects in a single page request?

I'm using CF 9 and 10 with this framework.

Thanks!

Answer 1

I think this is less a security/performance concern and more a... "ick" concern. ;) CF, especially in 9 and 10, has very fast performance, especially after the first hit. I remember doing some testing with including a 1000 or so UDFs and after the initial hit it was pretty much instantaneous. That being said, just because you can do it doesn't mean you should do it. The Application.cfc is specifically built as a way to manage your Application and how it acts. Your model/service/controller CFCs should not be extending them. The normal rule for extension is "Does A pass the 'Is A' test for B?" and your CFCs definitely are not "Is A" Application.cfc type.

What I'd recommend instead is to create a CFC for your utility functions. Heck, call it util.cfc. Then if your model or other CFCs need these functions, inject them in via a setter (and something like ColdSpring could make this even easier).